Saturday, December 16, 2006

More on rfid passports (ePassports) [and DVDs]

Today I saw an article on the BBC web site which made we glad that I've bought my anti-RFID passport holder. The disclosures in the article confirm what I've always thought, the rfid chip does nothing significant to increase security and does something significant to reduce security. Now, I may be wrong, I don't understand enough about the cryptography used (they do use some cryptography, don't they?), but it is possible that while it is relatively easy to clone a passport, it may be difficult to create a new one from scratch. To clone, all that is needed is to copy the (encrypted?) chip, to create a new one you may need to do the encryption and you might not have the key. Does anyone know? Maybe there is method behind this scheme, rather than the madness of increased costs and decreased security.

So what has this to do with DVDs? When I had the CSS scheme first described to me, I couldn't understand what it was good for. Clearly it didn't prevent cloning a DVD - if you clone all the digital content you have a clone of the DVD. A serious fraudster - one with a pressing plant - shouldn't have a problem in mass producing fake DVDs. Then I realised; the mechanism was there to enforce the licencing policy. To play back the DVD you need the algorithm. To get the algorithm you need to sign a licence. Provided CSS is patent protected you have a case against anyone producing a player which doesn't confirm to your licencing terms. If it's made by a licencee, they're in breach of their licence; if it's made by a non-licencee, they're in breach of your patent.

No comments:

Search This Blog